Yangliu

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess/SCADA versions 9.1.3 and prior **Description** The issue is related to incorrect code generation management in the Advantech WebAccess software, which could allow an attacker to overwrite any file in the operating system, including system files, inject code into an XLS file, and modify the file extension. This could lead to arbitrary code execution. An attacker could exploit this issue remotely. **Recommendations** For versions 9.1.3 and prior, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccss/SCADA versions 9.1.3 and prior **Description** The issue is related to an arbitrary file upload vulnerability. This could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, leading to remote code execution. The vulnerability is associated with unlimited upload of dangerous file types, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Advantech WebAccss/SCADA versions 9.1.3 and prior, consider disabling the file upload feature until a patch is available to prevent exploitation. Restrict access to the certificate file upload module to minimize the risk of remote code execution. Avoid using the file upload feature for certificate files with ASP extensions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccss/SCADA versions 9.1.3 and prior **Description** The issue is related to an arbitrary file upload vulnerability. This could allow an attacker to upload an ASP script file to a webserver when logged in as a manager user, leading to arbitrary code execution. **Recommendations** For Advantech WebAccss/SCADA versions 9.1.3 and prior, consider restricting access to the file upload feature to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the types of files that can be uploaded to prevent malicious scripts from being executed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.